dovecot/deliver


dovecot/deliver

Post by f0s » 2008-02-19 19:50:19

I ran into this problem:

Code:

Feb 19 18:59:49 mail deliver(admin@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=26: Operation not permitted
Feb 19 19:00:46 mail deliver(admin@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=26: Operation not permitted
Feb 19 19:02:56 mail deliver(admin@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=6: Operation not permitted
Feb 19 19:04:45 mail deliver(admin@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=6: Operation not permitted
Feb 19 19:29:04 mail deliver(admin@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=6: Operation not permitted
Feb 19 19:29:04 mail deliver(assistant@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=6: Operation not permitted
Feb 19 19:30:25 mail deliver(admin@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=6: Operation not permitted

gid 36385 is the users group for all users in LDAP:

Code:

[f0s@mail] /var/log/> id zainutdinova
uid=5020(zainutdinova) gid=36385(users) groups=36385(users), 14953(marketing)

I don't know what it doesn't like.. here is the exim config (but there are no problems with exim; I tested with exim -d -bt admin@artpaint.spb.ru and the result was that the message is handed over to dovecot/deliver for processing), which is actually where it gets stuck

Code:

dovecot_delivery:
  driver = pipe
  command = /usr/local/libexec/dovecot/deliver -d $local_part@$domain
  message_prefix =
  message_suffix =
  delivery_date_add
  envelope_to_add
  return_path_add
  log_output
  user = mailnull
  group = mail

here is the dovecot.conf config:

Code:

base_dir = /var/run/dovecot/

protocols = imaps
   protocol imap {
     ssl_listen = 192.168.10.8:10993
   }

disable_plaintext_auth = yes

shutdown_clients = yes

##
## Logging
##

# Log file to use for error messages, instead of sending them to syslog.
# /dev/stderr can be used to log into stderr.
#log_path = /var/log/dovecot.log

# Log file to use for informational and debug messages.
# Default is the same as log_path.
#info_log_path = 

# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = "%b %d %H:%M:%S "

syslog_facility = mail

##
## SSL settings
##
# Disable SSL/TLS support.
ssl_disable = no

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem


##
## Login processes
##

# <doc/wiki/LoginProcess.txt>

# Directory where authentication process places authentication UNIX sockets
# which login needs to be able to connect to. The sockets are created when
# running as root, so you don't have to worry about permissions. Note that
# everything in this directory is deleted when Dovecot is started.
login_dir = /var/run/dovecot/login

# chroot login process to the login_dir. Only reason not to do this is if you
# wish to run the whole Dovecot without roots. <doc/wiki/Rootless.txt>
login_chroot = yes

# User to use for the login process. Create a completely new user for this,
# and don't use it anywhere else. The user must also belong to a group where
# only it has access, it's used to control access for authentication process.
# Note that this user is NOT used to access mails. <doc/wiki/UserIds.txt>
login_user = dovecot

# Set max. process size in megabytes. If you don't use
# login_process_per_connection you might need to grow this.
login_process_size = 64

# Should each login be processed in its own process (yes), or should one
# login process be allowed to process multiple connections (no)? Yes is more
# secure, especially with SSL/TLS enabled. No is faster since there's no need
# to create processes all the time.
login_process_per_connection = yes

# Number of login processes to keep for listening new connections.
login_processes_count = 3

login_max_processes_count = 64


# Greeting message for clients.
login_greeting = Microsoft Exchange Server

# Space-separated list of elements we want to log. The elements which have
# a non-empty variable value are joined together to form a comma-separated
# string.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c

# Login log format. %$ contains login_log_format_elements string, %s contains
# the data we want to log.
login_log_format = %$: %s

##
## Mailbox locations and namespaces
##

# Location for users' mailboxes. This is the same as the old default_mail_env
# setting. The default is empty, which means that Dovecot tries to find the
# mailboxes automatically. This won't work if the user doesn't have any mail
# yet, so you should explicitly tell Dovecot the full location.
# There are a few special variables you can use, eg.:
#
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if there's no domain
#   %h - home directory
#
# See doc/wiki/Variables.txt for full list. Some examples:
#
#   mail_location = maildir:~/Maildir
#   mail_location = mbox:~/mail:INBOX=/var/mail/%u
#   mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
#
# <doc/wiki/MailLocation.txt>
#

mail_location = maildir:/mail/%u

mail_extra_groups = mail


verbose_proctitle = yes

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
first_valid_uid = 25


# Valid GID range for users, defaults to non-root/wheel. Users having
# non-valid GID as primary group ID aren't allowed to log in. If user
# belongs to supplementary groups with non-valid GIDs, those groups are
# not set.

first_valid_gid = 0


##
## IMAP specific settings
##

protocol imap {
  imap_client_workarounds = delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
}
  
##
## POP3 specific settings
##

protocol pop3 {

  pop3_uidl_format = %08Xu%08Xv

  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

##
## LDA specific settings
##

protocol lda {
  # Address to use when sending rejection mails.
  postmaster_address = admin@artpaint.spb.ru


  # Binary to use for sending mails.
  sendmail_path = /usr/sbin/sendmail

  # UNIX socket path to master authentication server to find users.
  auth_socket_path = /var/run/dovecot/auth-master
}


auth default {
  mechanisms = plain
    socket listen {
	master {
	    path = /var/run/dovecot/auth-master
	    mode = 0600
	    user = mailnull
	    group = mail
	}
    }

  # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
  passdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}

  # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
  userdb ldap {
args = /usr/local/etc/dovecot-ldap.conf
}


  user = root

}

##
## Dictionary server settings
##

dict {

}

##
## Plugin settings
##

plugin {
}

and here is dovecot-ldap.conf:

Code:

hosts = 127.0.0.1:389

# Distinguished Name - the username used to login to the LDAP server
dn = cn=root,dc=artpaint,dc=spb,dc=ru

# Password for LDAP server
dnpass = secret


# Use authentication binding for verifying password's validity. This works by
# logging into LDAP server using the username and password given by client.
# The pass_filter is used to find the DN for the user. Note that the pass_attrs
# is still used, only the password field is ignored in it. Before doing any
# search, the binding is switched back to the default DN.
auth_bind = yes

# If authentication binding is used, you can save one LDAP request per login
# if users' DN can be specified with a common template. The template can use
# the standard %variables (see user_filter). Note that you can't
# use any pass_attrs if you use this setting.
#
# If you use this setting, it's a good idea to use a different
# dovecot-ldap.conf for userdb (it can even be a symlink, just as long as the
# filename is different in userdb's args). That way one connection is used only
# for LDAP binds and another connection is used for user lookups. Otherwise
# the binding is changed to the default DN before each user lookup.
#
# For example:
#   auth_bind_userdn = cn=%u,ou=people,o=org
#
#auth_bind_userdn =

# LDAP protocol version to use. Likely 2 or 3.
ldap_version = 3

# LDAP base. %variables can be used here.
base = dc=artpaint,dc=spb,dc=ru

# Dereference: never, searching, finding, always
#deref = never

# Search scope: base, onelevel, subtree
scope = subtree

# User attributes are given in LDAP-name=dovecot-internal-name list. The
# internal names are:
#   uid - System UID
#   gid - System GID
#   home - Home directory
#   mail - Mail location
#
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/UserDatabase/ExtraFields
user_attrs = uidNumber=uid,gidNumber=gid,homeDirectory=home

# Filter for user lookup. Some variables can be used (see
# http://wiki.dovecot.org/Variables for full list):
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if there's no domain
user_filter = (&(objectClass=dbmailUser)(mail=%n@%d))

# Password checking attributes:
#  user: Virtual user name (user@domain), if you wish to change the
#        user-given username to something else
#  password: Password, may optionally start with {type}, eg. {crypt}
# There are also other special fields which can be returned, see
# http://wiki.dovecot.org/PasswordDatabase/ExtraFields
pass_attrs = mail=user,userPassword=password

# If you wish to avoid two LDAP lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb ldap in dovecot.conf. In that case you'll
# also have to include user_attrs in pass_attrs field prefixed with "userdb_"
# string. For example:
#pass_attrs = uid=user,userPassword=password,homeDirectory=userdb_home,uidNumber=userdb_uid,gidNumber=userdb_gid

# Filter for password lookups
pass_filter = (&(objectClass=dbmailUser)(mail=%n@%d))

# Default password scheme. "{scheme}" before password overrides this.
# List of supported schemes is in: http://wiki.dovecot.org/Authentication
default_pass_scheme = CRYPT

# You can use same UID and GID for all user accounts if you really want to.
# If the UID/GID is still found from LDAP reply, it overrides these values.
#user_global_uid = 
#user_global_gid = 

named, named, what is my TTL value?..

[FidoNet 2:550/2 && 2:5030/4441]
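
Added example (not part of the original post): a parser for the `setgid(...) failed` lines above that applies a simplified form of the POSIX rule for changing group id. The function names are hypothetical, and since the log only reports the egid, the real and saved gids are assumed to equal it.

```python
import re
from collections import Counter

# Three of the log lines from the post above (Dovecot deliver via syslog).
LOG = """\
Feb 19 18:59:49 mail deliver(admin@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=26: Operation not permitted
Feb 19 19:02:56 mail deliver(admin@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=6: Operation not permitted
Feb 19 19:29:04 mail deliver(assistant@artpaint.spb.ru): setgid(36385) failed with euid=26, egid=6: Operation not permitted
"""

LINE_RE = re.compile(
    r"deliver\((?P<rcpt>[^)]+)\): setgid\((?P<target>\d+)\) failed "
    r"with euid=(?P<euid>\d+), egid=(?P<egid>\d+): (?P<err>.+)$"
)

def parse_failures(text):
    """Return one dict per 'setgid failed' line, numeric ids as ints."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            d = m.groupdict()
            out.append({"rcpt": d["rcpt"], "err": d["err"],
                        **{k: int(d[k]) for k in ("target", "euid", "egid")}})
    return out

def can_setgid(euid, egid, target):
    """Simplified POSIX rule: root may set any gid; an unprivileged process
    may only set a gid it already holds (assumed here: just its egid)."""
    return euid == 0 or target == egid

def diagnose(text):
    """Group failures by (euid, egid, target gid) and explain each group."""
    groups = Counter((f["euid"], f["egid"], f["target"])
                     for f in parse_failures(text))
    report = []
    for (euid, egid, target), count in sorted(groups.items()):
        if can_setgid(euid, egid, target):
            verdict = "unexpected: this change should have been permitted"
        else:
            # General options, not advice taken from the thread.
            verdict = (f"deliver runs as non-root uid {euid} and may not "
                       f"switch to gid {target}: start it with root privileges "
                       f"or have userdb return gid {egid}")
        report.append((euid, egid, target, count, verdict))
    return report

if __name__ == "__main__":
    for row in diagnose(LOG):
        print(row)
```
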


Re: dovecot/deliver

Post by f0s » 2008-02-19 20:07:27

and everything works if, in the config,

instead of:

Code:

user_attrs = uidNumber=uid,gidNumber=gid,homeDirectory=home

you write:

Code:

user_attrs = uidNumber=26,gidNumber=6,homeDirectory=home

but then the folders in the /mail directory are also created as mailnull

Re: dovecot/deliver

Post by paranoidchaos » 2008-02-20 20:28:09

I haven't combined it with LDAP myself, but I opened the config and followed the links

Code:

http://wiki.dovecot.org/HowTo/DovecotOpenLdap
http://wiki.dovecot.org/AuthDatabase/LDAP
http://wiki.dovecot.org/UserDatabase/

"but then the folders in the /mail directory are also created as mailnull"

that's always how it is: whoever you specify in

Code:

   master {
       path = /var/run/dovecot/auth-master
       mode = 0600
       user = mailnull
       group = mail
   }

is the one who will have rights to the folders


Re: dovecot/deliver

Post by f0s » 2008-02-20 21:09:55

well, in general everything works now.. got it combined with LDAP...

all directories in /mail/ are created as the mailnull user (rather than as each individual user)

Re: dovecot/deliver

Post by 111 » 2008-02-21 16:19:16

Hello everyone!

I have this problem: I decided to set up a mail server with exim+dovecot (pop3); sending mail works great, but receiving doesn't work :( I'm already worn out from digging through forums and manuals... (

OS: freebsd 6.2 release
#
####################################################################################
**dovecot.conf

base_dir = /var/run/dovecot/

protocols = pop3

listen = *

ssl_disable = yes

disable_plaintext_auth = no

shutdown_clients = yes

log_timestamp = "%b %d %H:%M:%S "

syslog_facility = mail

login_dir = /var/run/dovecot/login

login_chroot = yes

login_user = dovecot

login_process_size = 64

login_process_per_connection = yes

login_processes_count = 3

login_max_processes_count = 64

#login_max_logging_users = 128

login_greeting = Hi.

login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_log_format = %$: %s

verbose_proctitle = yes

mail_extra_groups = exim

#valid_chroot_dirs = /var/spool/mail:/var/mail

#default_mail_env = maildir:/var/mail/test.by/%n@%d
default_mail_env = maildir:/var/mail/test.by/%n@%d

umask = 0078

protocol pop3 {

#login_executable = /usr/local/dovecot/libexec/dovecot/pop3-login

# POP3
#mail_executable = /usr/local/dovecot/libexec/dovecot/pop3

#pop3_uidl_format = maildir:/var/mail/test.by/%f/Maildir
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

auth_verbose = yes
auth_debug = yes

auth default {
# plain digest-md5 cram-md5 apop anonymous
#
mechanisms = plain

passdb sql {
args=/usr/local/dovecot/etc/dovecot-sql.conf
}
userdb sql {
args=/usr/local/dovecot/etc/dovecot-sql.conf
}
user = root

#count = 3
}

#############################################################################################################33
** dovecot-sql.conf

driver = mysql

connect = host=localhost dbname=exim user=sqlmail password=****

default_pass_scheme = PLAIN

user_query = SELECT home, uid, gid FROM users WHERE id = '%n%d'

password_query = SELECT concat(id, '@', mbox_host) AS user, passwd FROM users WHERE id = '%n' AND mbox_host = '%d' (here I have already tried probably 10 variants)

##########################################################################################################
mysql db exim

mysql> show tables;

+----------------+
| Tables_in_exim |
+----------------+
| aliases |
| domains |
| userforward |
| users |
| users1 |
+----------------+
mysql> select * from users;
+-------+---------------+----------+------+------+-----------+-------------------+-------------------------+-------+--------+
| id | crypt | passwd | uid | gid | mbox_host | shell | home | quota | active |
+-------+---------------+----------+------+------+-----------+-------------------+-------------------------+-------+--------+
| xxx | 2iZL0GGzw4GGM | yyyy | 1004 | 12 | test.by | /usr/sbin/nologin | /var/mail/test.by/xxx | 127 | Y |
| admin | zjB8fX524dmlk | password | 1004 | 12 | test.by | /usr/sbin/nologin | /var/mail/test.by/admin | 127 | Y |
+-------+---------------+----------+------+------+-----------+-------------------+-------------------------+-------+--------+

there!
next I try to log in

telnet localhost 110
Trying localhost...
Connected to localhost.
Escape character is '^]'.
+OK Hi.
user xxx@test.by
+OK
pass yyyy
-ERR Temporary authentication failure.

(((

I open the log:

Feb 21 15:09:50 test dovecot: auth(default): new auth connection: pid=50353
Feb 21 15:10:02 test dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=127.0.0.1 rip=127.0.0.1 resp=<hidden>
Feb 21 15:10:02 test dovecot: auth-worker(default): sql(xxx@test.by,127.0.0.1): query: SELECT concat(id, '@', mbox_host) AS user, passwd FROM users WHERE id = 'xxx' AND mbox_host = 'test.by'
Feb 21 15:10:02 test dovecot: auth-worker(default): sql(xxx@test.by,127.0.0.1): Password query must return a field named 'password'
Feb 21 15:10:03 test dovecot: auth(default): client out: FAIL 1 user=xxx@test.by temp
Feb 21 15:10:06 test dovecot: pop3-login: Aborted login (1 authentication attempts): user=<xxx@test.by>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

##############################################
the mail is stored in /var/mail/test.by/user

I set all permissions on all dependent directories and files to 777 for the duration of the setup

tell me where the snag is, or my brain is going to boil over soon!


Re: dovecot/deliver

Post by Alex Keda » 2008-02-21 16:48:04

well, it tells you right there.
the query doesn't return a field with the password.
or it's named differently.
=========
and format your posts properly - no need to dump walls of text.
Kill them all! God will sort them out later...
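
The check that the log line and the answer above point to, as an added example that is not part of the thread: it runs the posted `password_query` and `user_query` against an in-memory copy of the posted `users` rows and reports which required result fields are missing. It assumes sqlite3 as a stand-in for MySQL; `expand`, `make_db` and `check_query` are hypothetical helpers, and the password values are constructed.

```python
import sqlite3

def expand(template, user):
    """Expand Dovecot's %n (local part) and %d (domain) in a query template.
    Quotes are doubled as a simple stand-in for Dovecot's own escaping."""
    local, _, domain = user.partition("@")
    esc = lambda s: s.replace("'", "''")
    return template.replace("%n", esc(local)).replace("%d", esc(domain))

def make_db():
    """In-memory copy of the relevant 'users' columns from the post
    (passwords replaced with constructed values)."""
    db = sqlite3.connect(":memory:")
    # SQLite stand-in for MySQL's concat(); needed for this demo only.
    db.create_function("concat", -1, lambda *a: "".join(map(str, a)))
    db.execute("CREATE TABLE users (id, passwd, uid, gid, mbox_host, home)")
    db.executemany("INSERT INTO users VALUES (?,?,?,?,?,?)", [
        ("xxx", "constructed-1", 1004, 12, "test.by", "/var/mail/test.by/xxx"),
        ("admin", "constructed-2", 1004, 12, "test.by", "/var/mail/test.by/admin"),
    ])
    return db

def check_query(db, template, user, required):
    """Run the expanded query; report row count and missing result fields."""
    cur = db.execute(expand(template, user))
    cols = {c[0].lower() for c in cur.description}
    return {"rows": len(cur.fetchall()),
            "missing": sorted(set(required) - cols)}

# password_query exactly as posted: the column comes back as 'passwd'.
POSTED = ("SELECT concat(id, '@', mbox_host) AS user, passwd FROM users "
          "WHERE id = '%n' AND mbox_host = '%d'")
# Same query with the column aliased to the field name Dovecot asks for.
ALIASED = POSTED.replace("passwd FROM", "passwd AS password FROM")
# user_query exactly as posted: '%n%d' expands to 'xxxtest.by'.
USER_QUERY = "SELECT home, uid, gid FROM users WHERE id = '%n%d'"

if __name__ == "__main__":
    db = make_db()
    who = "xxx@test.by"
    print("posted  :", check_query(db, POSTED, who, ["password"]))
    print("aliased :", check_query(db, ALIASED, who, ["password"]))
    print("userdb  :", check_query(db, USER_QUERY, who, ["uid", "gid"]))
```

With the posted rows, the password query finds the account but lacks a `password` field, and the posted `user_query` matches no row because no `id` equals the local part and domain joined together.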


Re: dovecot/deliver

Post by bzz » 2008-02-21 16:51:32

and if it's not a secret, how and where did I format it incorrectly? :?:


Re: dovecot/deliver

Post by Alex Keda » 2008-02-21 16:52:43

the [code] button - for formatting listings.
otherwise over three pages you can't make out a damn thing about where anything of yours started and ended =)
=========
and for your own questions - it's better to start your own thread.
otherwise it's unclear who should be answered about what

Re: dovecot/deliver

Post by bzz » 2008-02-21 16:53:27

:mrgreen:
my fault, I'll do better..


Re: dovecot/deliver

Post by Khuman » 2008-02-28 16:49:21

Hi everyone!

I set it up following this article: http://www.lissyara.su/?id=1173
When sending a message to the test user, this pours into the log:

Code:

Feb 28 15:26:17 mysrv exim[29190]: 2008-02-28 15:26:17 1JUhnl-0007YJ-Hy Unfrozen by errmsg timer
Feb 28 15:26:17 mysrv exim[29190]: 2008-02-28 15:26:17 1JUhnl-0007YJ-Hy ** test@my.com.ua R=dovecot_user T=dovecot_delivery: Child process of dovecot_delivery transport returned 127 (could mean unable to exec or command does not exist) from command: /usr/local/libexec/dovecot/deliver
Feb 28 15:26:17 mysrv exim[29190]: 2008-02-28 15:26:17 1JUhnl-0007YJ-Hy test@my.com.ua <test@my.com.ua>: error ignored
Feb 28 15:26:17 mysrv exim[29190]: 2008-02-28 15:26:17 1JUhnl-0007YJ-Hy Completed

Please advise, which direction should I dig in?
It comes in the night and sucks the essence from your computers. ©Kern Sibbald